https://pulumi.com logo
Join Slack
Powered by
is there a pattern for breaking up one big resourc...
# python
h
is there a pattern for breaking up one big resource into smaller ones? In particular, I'm looking at the tailscale integration, where there's one big ACL resource, and I'd like to break that up into individual tags and grants and stuff
b
tailscale’s acl resource doesn’t support this, sadly, it’s one big API. very frustrating 😞
h
yeah. I was thinking maybe in the python layer, there's a way to define virtual resources that get automatically consolidated into the real ACL resource
just figured i'd ask around before i go committing black magick
b
that’s an interesting idea, the ACL is just a JSON dict, let me mull it over
h
maybe make a component resource that's a context manager and calls 
register_outputs()
in the 
__exit__
instead of the 
__init__
or sets up a collection point on the first call and then compiles the acl document when the run is finished (triggered by ???)
b
the latter is what I initially thought, it could even just be a componentreousrce that outputs a string, then does 
pulumi.Output.all
to concat them at a base level
h
i already wrote some framework that might be usable in the former for azure environments (you set the current environment through a context manager, other components can ask for the current environment to get stuff like resource groups and networks)
so the more i think about this, the more I think that the tailscale module is just a bad abstraction. In addition to all the stuff discussed above about the ACL document actually being a bunch of resources compiled together, managing machine properties is really annoying. So, you can't create a machine in Tailscale. You create an auth key, hand it to the machine, and the machine creates itself. Which means that to manage machine properties (eg tags or key expiry), you have two different regimes: • If the machine doesn't exist yet, you attach them to the auth key when you (re)create it • If the machine does exist, you modify its properties The current module manages Machines and Authkeys as distinct resources, which means that coordinating tailscale resources with VM creation is.... annoying, ugly, and probably causes some weirdness in the stack state. I would much rather condense them into one resource that does the appropriate switching behind the scenes.
(i don't even know how to get the tailscale provider linked with the VM, so that if the VM is recreated, the Tailscale bits are also recreated)
Open in Slack
PreviousNext
Powered by